As this month’s blog theme’s is ‘Cybersecurity Maturity Model Certification (CMMC),’ I am focused on the 18 November 2025 Town Hall webinar by the CMMC-Accreditation Body (CMMC-AB), at https://cyberab.org. These folks are a great free resource, as the CMMC-AB is “the sole authorized non-governmental partner of the U.S. Department of Defense (DoD) in implementing and overseeing the CMMC conformance regime.”
I have been following their monthly Town Hall webinars for years, and they really put an effort into a one-hour monthly program. Once you sign up (from the above website) and attend one, you will get monthly email reminders for future town halls. They also record the webinars on the website in 3-4 days, so if you miss it, you can make it up. Regarding the 18 Nov 2025 webinar, If you need something in the next couple of months, you should play the tape, as the next Town Hall is not until 27 January 2026.
Here is the latest: Code of Federal Regulations Title 48 is now in effect! Who cares? Well, if you are involved with one of a couple of hundred thousand Defense Industrial Base (DIB) companies who want to sell something to the Federal government, you do very much! These are new rules on how the Feds can buy from you.
Since 10 Nov 2025, and until 9 Nov 2026, assuring DIB companies are protecting Federal Contract Information (FCI) at CMMC Level 1, and Controlled Unclassified Information (CUI) at CMMC Level 2, is based on “Self-Assessment.” Sound straightforward and easy? Not so fast, as you will need to show that your self-assessment was thorough and not just a paper statement. Also: The Department of War has a reserve right to make Level 2 Self-Assessment tougher, mandating those ‘Star Wars’ funny-named ‘C3PAOs’ be involved in your self-assessment process. Bottom Line: Your ‘proof of FCI and CUI protection’ is going to involve some real effort!
Side Note: Actually, the CMMC-AB’s website overall is a good reference. The CMMC Ecosystem is heavily filled with acronyms, so you need to know the lingo if you are going to get much out of the Town Halls. The people on the webinar tend to speak in insider shorthand. The easiest way I have found to learn it is to go to ‘Resources’ on the horizontal bar and use the drop down menu for ‘Terminology.’ Pay particular attention to the words ‘Certified,’ and ‘Registered.’ Big difference!